CVE-2016-9273 — Out-of-bounds Read in Tiff

CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

1.1%

top 22.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 18

Latest updateJan 31

Description

tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.6

▶debiandebian/tiff< tiff 4.0.7-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-93qc-w2gq-jr65: tiffsplit in libtiff 4↗2022-05-17

▶

OSV

CVE-2016-9273: tiffsplit in libtiff 4↗2017-01-18

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2017-02-27

▶

Red Hat

libtiff: Out-of-bounds heap read in cpStrips↗2016-11-07

▶

Debian

CVE-2016-9273: tiff - tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service ...↗2016

▶

📄Research Papers

arXiv

SoK: Towards Effective Automated Vulnerability Repair↗2025-01-31

▶

💬Community

HackerOne

libtiff 4.0.6 heap bufer overflow / out of bounds read (CVE-2016-9273)↗2019-10-04

▶

Bugzilla

CVE-2016-9273 CVE-2016-9277 CVE-2016-9297 mingw-libtiff: various flaws [fedora-all]↗2016-11-15

▶

Bugzilla

CVE-2016-9273 CVE-2016-9277 CVE-2016-9297 libtiff: various flaws [fedora-all]↗2016-11-15

▶

Bugzilla

CVE-2016-9273 CVE-2016-9277 CVE-2016-9297 mingw-libtiff: various flaws [epel-7]↗2016-11-15

▶

Bugzilla

CVE-2016-9273 libtiff: Out-of-bounds heap read in cpStrips↗2016-11-15

▶